@lock-sdk/payload-guard
Version:
Payload guard detection module for Lock security framework
73 lines (59 loc) • 2.64 kB
TypeScript
import * as _lock_sdk_core from '@lock-sdk/core';
declare enum PayloadGuardEventType {
XSS_DETECTED = "xss.detected",
SQL_INJECTION_DETECTED = "sql.injection.detected",
COMMAND_INJECTION_DETECTED = "command.injection.detected",
PATH_TRAVERSAL_DETECTED = "path.traversal.detected",
GENERAL_INJECTION_DETECTED = "general.injection.detected",
SSRF_DETECTED = "ssrf.detected"
}
interface PayloadGuardConfig {
mode: 'detect' | 'block';
blockStatusCode?: number;
blockMessage?: string;
checkParts?: Array<'params' | 'query' | 'body' | 'headers' | 'cookies'>;
excludeHeaders?: string[];
excludeFields?: string[];
detectXSS?: boolean;
detectSSRF?: boolean;
detectSQLi?: boolean;
detectCommandInjection?: boolean;
detectPathTraversal?: boolean;
enableCaching?: boolean;
cacheTtl?: number;
cacheSize?: number;
failBehavior?: 'open' | 'closed';
}
interface PayloadCheckResult {
detected: boolean;
type?: PayloadGuardEventType;
path?: string;
value?: string;
pattern?: RegExp;
}
/**
* Recursively traverses an object to check each string value for injection attacks
* @param obj The object to check
* @param path Current path in the object (for reporting)
* @param detectors Array of detector functions to run
* @param excludeFields Fields to exclude from checking
*/
declare function traverseAndCheck(obj: any, path: string | undefined, detectors: Array<(value: string) => PayloadCheckResult>, excludeFields?: string[]): PayloadCheckResult;
declare function detectCommandInjection(value: string): PayloadCheckResult;
declare function generateHash(str: string): string;
declare function detectNoSQLi(value: string): PayloadCheckResult;
declare function detectPathTraversal(value: string): PayloadCheckResult;
declare function detectSQLi(value: string): PayloadCheckResult;
declare function detectSSRF(value: string): PayloadCheckResult;
declare function detectTemplateInjection(value: string): PayloadCheckResult;
declare function detectXSS(value: string): PayloadCheckResult;
declare const PATTERNS: {
xss: RegExp[];
sqli: RegExp[];
commandInjection: RegExp[];
pathTraversal: RegExp[];
nosql: RegExp[];
templateInjection: RegExp[];
};
declare const payloadGuard: (config?: Partial<PayloadGuardConfig> | undefined) => _lock_sdk_core.SecurityModule;
export { PATTERNS, type PayloadCheckResult, type PayloadGuardConfig, PayloadGuardEventType, detectCommandInjection, detectNoSQLi, detectPathTraversal, detectSQLi, detectSSRF, detectTemplateInjection, detectXSS, generateHash, payloadGuard, traverseAndCheck };